Earlier this year, we were fairly concerned when a court ruled in favor of the RIAA in saying that Cloudflare had to automagically block any site that mentioned "Grooveshark" in the URL. Thankfully the court walked that back a bit, saying that the RIAA still had to inform Cloudflare of specific sites, but it still seemed problematic. The issue involved a few "fake" Grooveshark clones (sites pretending to be Grooveshark clones, but which actually were not). The RIAA can go after those sites directly, but the court's willingness to drag in a third party like Cloudflare was immediately problematic. That was a key part of SOPA -- the law that did not pass, yet judges keep pretending it did anyway.
Not surprisingly, whoever operated these sites ignored the lawsuit, leading to a default judgment in the RIAA's favor. That's to be expected when the defendants don't show up. But what's troubling is that the court keeps the injunction for Cloudflare in effect, basically letting the RIAA just designate any particular site as a Grooveshark clone, which Cloudflare then needs to dump within 48 hours. Even worse, if CloudFlare simply comes across a possible violation of the order by a customer, it has to proactively kick the site off its service. From the order:
IT IS FURTHER ORDERED that, in accordance with the terms of the Court's June 3, 2015 Order and its July 9, 2015 Order modifying same, CloudFlare is bound by this Order. Upon receipt notice from Plaintiffs or if CloudFlare otherwise has knowledge of an infringement or other violation of the Permanent Injunction on the part of one of its customers, CloudFlare shall cease providing its services to that customer as soon as possible, but no later than 48 hours after receiving such notice or obtaining such knowledge. CloudFlare may expeditiously notify its customers of any impending termination of their accounts as a result of this and related Court Orders.
This raises some fairly serious due process concerns. First off, Cloudflare certainly shouldn't be put in the position of determining what is and what is not infringing or violating this Court Order (in a case where it's not even a party). That puts tremendous burden on an unrelated party and it's a burden that almost certainly will pressure CloudFlare to kick sites off its service with nothing even close to resembling due process. Similarly it provides tremendous power to the RIAA to seriously damage website it doesn't like if they happen to use CloudFlare -- again with little to no due process.
That's not how the law is supposed to work. If there is infringing content, the DMCA allows the RIAA to file takedown notices, which have a clear process for notification and takedown of the infringing works. But what this order allows for is a vague standard, based on no clear law, to completely cut off services for a website, with no due process, no standard notification system and no clear appeals process.
As a default ruling in a district court this has basically no precedential value, but is quite worrisome nonetheless. Even if you believe that sites setting themselves up as Grooveshark clones deserve to be taken down, you should at least support basic due process before they can be killed off, right?
Back in 2013, we were impressed when the folks at Automattic (the company behind WordPress), actually filed some lawsuits against people who were abusing DMCA takedown notices just to takedown content they didn't like. Earlier this year, the company also took a strong stand against DMCA abuse by including a "Hall of Shame" in which it called out and shamed particularly egregious takedowns. At the time, we mentioned that other companies should pay attention. Fighting for your users' rights is important, but too many companies don't do it (and many just take things down on demand).
Now YouTube has stepped up a bit as well. There have been plenty of complaints about how YouTube -- and ContentID in particular -- deal with fair use. It's quite difficult for an algorithm to determine fair use, and that's part of the reason why we get nervous when copyright system defenders insist that you can automate takedown processes without collateral damage. However, Google has announced that it will promise to pay the legal fees (up to $1 million) of certain YouTubers where takedowns have been issued in cases where YouTube agrees that fair use applies:
We are offering legal support to a handful of videos that we believe represent clear fair uses which have been subject to DMCA takedowns. With approval of the video creators, we’ll keep the videos live on YouTube in the U.S., feature them in the YouTube Copyright Center as strong examples of fair use, and cover the cost of any copyright lawsuits brought against them.
We’re doing this because we recognize that creators can be intimidated by the DMCA’s counter notification process, and the potential for litigation that comes with it (for more background on the DMCA and copyright law see check out this Copyright Basics video). In addition to protecting the individual creator, this program could, over time, create a “demo reel” that will help the YouTube community and copyright owners alike better understand what fair use looks like online and develop best practices as a community.
It is absolutely true that even when video creators believe that their use is non-infringing because it's fair use, many still won't issue a counternotice, because the next step, if the copyright holder disagrees, is to go to court. And even if you have a slam dunk case, that can be both time consuming and incredibly expensive. And, of course, if you lose, it can be life-destroying expensive, thanks to the idiocy of statutory damages provisions in copyright law.
Constantine Guiliotis, who goes by Dean and whose channel dedicated to debunking sightings of unidentified flying objects has just over 1,000 subscribers, is one of the video makers YouTube will defend. Mr. Guiliotis has received three takedown notices from copyright holders of videos that he has found online and posted to his YouTube channel, U.F.O. Theater.
In his videos, Mr. Guiliotis includes the videos he found but also provides analysis and commentary, which YouTube argues is within the guidelines of fair use rules. The site reposted the videos after its review and told Mr. Guiliotis it would defend him against any future legal action. Like the other creators YouTube has selected, Mr. Guiliotis has not been sued for his videos.
“It was very gratifying to know a company cares about fair use and to single out someone like me,” Mr. Guiliotis said.
Sherwin Siy, over at Public Knowledge, notes that Google probably won't have to spend much money, as any copyright holder who realizes that Google is backstopping the videos will probably (wisely) realize that going to court is less likely to have the desired effect (which is usually just intimidating people into taking down content). However, it's still an important move in creating extra protection for fair use and in helping to establish a clear bar of what's considered to be fair use:
But while this means that Google isn’t likely to spend much, if any money, in litigating these cases, the program still does two very important things. First, it does in fact protect those uploaders. By giving these videos a stamp of approval, Google’s legal team will make the sort of person who sends a bogus or careless takedown notice think even harder about filing a bogus lawsuit. That sort of reassurance can be enough encouragement for someone to put back a video. Oftentimes, someone receiving a takedown notice can shy away from exercising her rights to have it put back because doing so exposes her to a lawsuit. With this sort of protection, much of that fear disappears.
But perhaps the more useful aspect of the program is that it sets a clear example of what fair use is. As videos are added to the program, other users will have a useful set of models that show what Google’s lawyers, at least, are confident is fair use. That information can help an everyday YouTube user in ways that more text-based and specific guides (for educators, etc.) might not.
And this collection of videos sets an example for far more than just other video creators. The set of fair uses on display can act as a living example of the predictability of fair use. Too often, the doctrine is considered hazy or indefinite or impossible to determine. And while there are lots of cases that can exist in a gray area, there’s even more cases that actually are pretty black or white. Most people have seen clearly infringing videos; this program will show a wider audience clearly non-infringing videos. That’s particularly important in the face of other countries who have yet to adopt fair use as a limit on their copyright laws, and have been told that it’s too unpredictable for them to rely upon.
This is why YouTube’s announcement is a game-changer: Copyright-based censorship strategies are no longer risk free. Now, before launching an unjustified DMCA takedown, the claimant will have to weigh the risk of going up against Google and its deep pockets in a lawsuit. (The legal environment could get even more interesting in light of a recent ruling in the Prince “dancing baby” that could make it easier for fair use victors to claim legal fees from those who removed their videos).
I don't know if I'd go that far. Again, Google is only protecting a "handful" of videos, but at the very least it may scare off some of the more egregious abuses, and that's always a good thing. Now, we just need even more platforms to recognize that fighting for your users' fair use rights is important.
The MPAA gleefully announced on Tuesday that it had shut down the main fork of Popcorn Time along with torrent site YTS (and its associated release group YIFY). Of course, if we go back through the history of file sharing, we can find plenty of times when the MPAA similarly declared victory over the shutdown of other file sharing sites -- and not a single one did a damn thing to slow down piracy rates. People just move on to something else. And yet, the MPAA thinks that it did something important here:
“This coordinated legal action is part of a larger comprehensive approach being taken by the MPAA and its international affiliates to combat content theft,” said Chris Dodd, chairman and chief executive of the MPAA, in a statement.
Dodd also says, "By shutting down these illegal commercial enterprises, which operate on a massive global scale, we are protecting not only our members’ creative work and the hundreds of innovative, legal digital distribution platforms, but also the millions of people whose jobs depend on a vibrant motion picture and television industry.”
Dodd is wrong. He's not protecting anything, other than perhaps his own job. Shutting down these sites doesn't decrease infringement -- the infringement just moves elsewhere. It's a giant game of whac-a-mole that the MPAA (and RIAA) have been playing for over a decade, and never seeing any kind of different result.
We highlighted this just last month with our Carrot or Stick research report, which made it clear that these enforcement efforts don't do a damn thing to slow down piracy, and don't do anything to help content creators or the wider creative ecosystem to get paid. You know what does do that? Allowing more innovation to flow. Popcorn Time was popular not just because it was "free" but because the interface and usability were incredible. The MPAA should be learning from that, in understanding how to help offer better products rather than celebrating shutting it down.
Again and again we've seen that when people are presented with good, convenient and reasonably priced options, they massively decrease their infringing activities. But the MPAA has actually made that difficult by burdening most services with ridiculous requirements (like forcing people to watch a movie within 24 hours, or limiting things so that the market becomes fragmented and people can't find the content they actually want to see). If the MPAA were truly concerned with making sure that revenue was supporting the creative ecosystem it would be looking at what Popcorn Time did right, and creating a legal service based on it. Cheering on the fact that you whac'd another mole, while everyone's already moved on to something else is hardly something worth celebrating.
from the perhaps-it's-more-kafkaesque-than-orwellian dept
If you were online last week, you probably heard the story about how the George Orwell Estate supposedly had issued a takedown to CafePress for some T-shirts made by a guy named Josh Hadley that merely showed the year "1984" on them. I first saw it when someone pointed me to Hadley's Facebook post about it, in which he's quite reasonably angry. This was the T-shirt image that Hadley said was taken down:
Something about this seemed weird, so I reached out to everyone involved -- Hadley, Bill Hamilton (the literary agent who manages the Orwell Estate) and CafePress. While I was talking to all of them, the story exploded with stories in TorrentFreak, Consumerist and a number of other places, all attacking the Orwell Estate for such a (dare we say it?) Orwellian takedown. Clearly the image above is not infringing anything from Orwell's estate. The simple year "1984" is not infringing in any way.
But it didn't stop the takedown from happening... and from people angrily piling on against the estate. It took a while to get the complete story, and Hamilton was bizarrely reticent to share the details of what happened with me, other than to insist he did not send a takedown for that T-shirt, but rather for a mug that he insisted was "obviously infringing." I kept asking for the specific takedown, saying we'd be happy to put up a story showing that he was blameless, but he refused to share it. CafePress was similarly slow to respond -- and eventually would do nothing more than say "no comment." Eventually, we were able to get a copy of Hamilton's original takedown message, which was a bit vague, and just discussed a photograph of Orwell that another account was using, and some extensive quotes that were made to look like "official" licensed merchandise -- such that the takedown was a slightly vague combination trademark/copyright/publicity rights takedown.
Dear Lindsey Moore,
Your Orwell merchandise has been brought to my attention as the literary executor to the Orwell estate, responsible for all licensing and copyright.
The Orwell estate does not license merchandise, and the quotes you use and the photograph of Orwell are in breach of copyright. Please remove from sale immediately.
I look forward to hearing by return.
A M Heath & Co Ltd
6 Warwick Court
London WC1R 5DJ
Yes, the takedown message is a bit vague (Moore, if you're wondering -- whose first name is actually Lindsay, not Lindsey -- is CafePress's intellectual property agent). An official DMCA takedown notice requires the specific identification of what is infringing, and Hamilton's note fails that test. The proper thing for a company to do is to reject the deficient notice, and let the sender know that they need to file a compliant takedown notice. CafePress did not do that, and apparently just started taking down Orwell/1984 products at random. However, it does appear that the target was not Hadley's T-shirts, but rather than actually assessing whether or not anyone's rights were violated CafePress just went on a crazy takedown binge and pulled down what appears to be anything even loosely connected to Orwell/1984. And Hadley's T-shirts got caught in the crossfire.
And then CafePress refused to admit it made a mistake.
Unfortunately, this is not the first time we've written about CafePress overreacting and taking down lots of stuff over which there was no legitimate takedown. The whole situation seems rather ridiculous, and even worse is that CafePress sat there and let the Orwell Estate take the heat for its actions. It seems that, once again, if you're looking for a print-on-demand partner, CafePress is not your best choice.
While many have reported on this story as the Orwell Estate being Orwellian, the truth here seems more like CafePress being Kafkaesque.
Yesterday on Twitter, there was a big discussion over the fact that Twitter had disabled two well-known sports media Twitter feeds, both for supposedly infringing on copyrights by posting GIFs of sports highlights. Almost everything about this story is ridiculous and highlights just how screwed up copyright law is today. Let's count the ways:
The idea that these GIFs were infringing seems ridiculous. There's a very, very, very strong fair use argument here. They were showing tiny (sound-free) tidbits from college and professional football games. No one is using these in place of watching the actual games. In fact, these GIFs almost certainly act as strong advertising for getting people to actually watch games.
The idea that Twitter suspended these accounts is somewhat understandable, but still ridiculous. Yes, the DMCA in 512(i)(1)(A) requires service providers to implement a "repeat infringer policy," and that policy must "provide for the termination" of said repeat infringers. So, for this bit of ridiculous, we can blame the DMCA that sort of forces this on Twitter.
Even so, we can still blame Twitter somewhat for not standing up to the NFL and XOS Digital (which has the broadcast rights for a bunch of college football games) and saying "this is fair use."
Even given the requirement to terminate repeat infringers, doesn't it seem totally screwed up that a major channel for major media properties can simply be disappeared? This is, again, an example of why the Section 230 safe harbors are so much better than the DMCAs. Deadspin and SBNation weren't "pirate sites." They were doing something that tons of professional media have done for ages -- and suddenly they lost their accounts? That's ridiculous.
What the hell are the NFL and XOS Digital thinking? The NFL has claimed that it never asked for the accounts to be shut down -- it just wanted the tweets with the GIFs to be taken down. But, of course, that makes no sense. Under the DMCA, again, if the tweets are infringing, at some point it will hit the "repeat infringer policy" so the NFL's statement is meaningless, and suggests a lack of knowledge of copyright law. Given that this is the same sports league that flat out lies at the end of every game with its copyright message that claims you can't even repeat "accounts of the game" without "express written permission," perhaps it's not a surprise that it wouldn't understand this part of copyright law either.
What the hell are the NFL and XOS Digital thinking, part II. Who the hell is this helping? I'm assuming that both will make vague references to protecting their copyrights and about how valuable broadcast deals are. But, again, no one who put more than 3 seconds into thinking about this thinks that people are suddenly going to give up on their expensive cable package because they can watch GIFs on Twitter. That's not how this works. And really, if their broadcast deals are so fragile as to be undermined by GIFs on Twitter, perhaps there's a bigger problem there to address.
All in all, the whole thing is yet another example of the ridiculous things that come about because of our dopey copyright system.
As you may remember, Viacom once sued YouTube for $1 billion dollars over video clips on the site. Right before the case was set to start, Viacom had to scramble and remove some of the alleged infringements from the complaints, because the company realized that Viacom employees had uploaded the clips as part of their marketing campaign. Suing YouTube over clips that you yourself uploaded is not a good look, and it's a big part of the reason why Viacom's arguments fell flat in court. Viacom owns Paramount Pictures, and it would appear that the "level of care" that the company takes in sending DMCA notices has not improved much over the years.
Torrentfreak has the latest round of ridiculously bad DMCA takedown notices coming from a major Hollywood studio. Whereas in the old days, we'd see takedowns occur based on a single word, it appears that here, Paramount has upgraded its auto-censorbot to use two words. Here it appears that anything that is vaguely associated with a movie, plus the word "utorrent" must automatically be wiped from the internet. Take, for example, this conversation on the utorrent forums about how to configure Cyberghost VPN. It's all pretty innocuous, but Paramount Pictures apparently hired one of these fly-by-night censorship outfits by the name of IP-Echelon to take it down, because clearly any use of the word "Ghost" and "utorrent" must be infringing -- even when "ghost" isn't even written out as a separate word.
The Torrentfreak article has a number of similar situations, including one where someone said "imagine that" in a comment, and another where someone used the word "clueless" and Paramount/IP-Echelon insisted they were linking to infringing copies of the movies "Imagine That" and "Clueless." But that's clueless.
And, yes, it's certain that many of the other links in these notices were to actually infringing files. But just because you legitimately take down some links, it doesn't excuse trying to censor perfectly legitimate content.
As of late, Nintendo's relationship with YouTube and the YouTube community has been, shall we say, tumultuous. After rolling out a bad policy to share revenue with YouTubers on the basis that those personalities torpedo their reputations by promising only positive Nintendo coverage, claiming the monetization for a large number of "let's play" videos uploaded by independent YouTubers, and even going so far as to lay claim to the review of a Nintendo game created by well-known YouTuber "Angry Joe", Nintendo clearly seems to believe that YouTube is not so much an independent community as it is some kind of official public relations wing for the company. This is really dumb on many different levels, but chiefly it's dumb because it breeds ill-will amongst fans, of which Nintendo used to have many.
And the war drum beats on, apparently, as Nintendo has seen fit to issue massive takedowns of videos of fan-created Mario Bros. levels as the company releases its own Mario-level-builder, Super Mario Maker. What appears to be catching these YouTubers in Nintendo's crosshairs is if they used any emulators or hacks in order to make these levels.
Nintendo is targeting speedrunners and modders in a new round of YouTube copyright claims, issuing takedown requests to users who post footage from modified Super Mario World levels. The mass deletion coincides with the upcoming launch of Super Mario Maker, a Nintendo-licensed level creation toolkit for the Wii U console. Removed videos feature unauthorized Super Mario World levels created using freeware tools, rather than Nintendo’s official level design software.
Nintendo’s recent copyright claims impact speedrunners who have spent years crafting and documenting unsanctioned Super Mario World mods. According to a Kotaku report, YouTube user “PangaeaPanga” states that their channel was “wrecked” by copyright claims, resulting in the permanent removal of many popular videos.
In other words, modders had long beat Nintendo to the punch in creating software that allowed fans of Mario Bros. to create their own levels, upload them, and have folks like PangaeaPanga play them out and eventually master them. This was allowed to go on exactly up until Nintendo decided to jump into this arena, at which time the takedowns ensued. What you may not know is that there has been an active Mario Bros. modding community for these past few years, dedicated to building the most challenging levels for others to play and then post their runs on YouTube. In other words, these are huge Nintendo fans.
Super Mario World enthusiasts frequently create custom levels designed to challenge veteran players. Many of these levels require the use of little-known glitches and quirks within Super Mario World‘s engine, adding a degree of difficulty not present in the original game. Creative application of Super Mario World‘s hacking utilities has also produced unique autoplaying levels, including tributes that link in-game sound effects to backing music tracks.
Under the terms of YouTube’s copyright structure, users who have their videos claimed by copyright owners lose the ability to earn advertising revenue from their creations. Copyright holders have the option of claiming ad revenue from content-matched videos. As part of its most recent round of copyright claims, Nintendo instead opted to delete targeted videos entirely.
So we have Nintendo staring lovingly into the eyes of its biggest fans while pissing on their legs. And for what? Part of the reason Nintendo will likely make a killing with Super Mario Maker is that these dedicated fans had built up an interest in these modded levels and speedruns in the first place. Now, Nintendo intends on swooping in, killing off the videos of these fans, and yet cashing in on the market that the fans essentially created? How charming.
It's not that Nintendo can't do this, it's that it shouldn't. The company gains nothing except another round of fan discontent. Real smart, guys.
Some potentially good news this morning -- which may be undermined by the fine print. After many years of back and forth, the 9th Circuit appeals court has ruled that Universal Music may have violated the DMCA in not taking fair use into account before issuing a DMCA takedown request on a now famous YouTube video of Stephanie Lenz's infant dancing to less than 30 seconds of a Prince song playing in the background. Because of this, there can now be a trial over whether or not Universal actually had a good faith belief that the video was not fair use.
This case has been going on forever, and if you've watched the video, it's kind of amazing that a key case on fair use should be focused on that particular video, where you can barely even make out the music. The key question was whether or not Universal abused the DMCA in not first considering fair use before sending the takedown. This is fairly important, because, of course, DMCA takedowns suppress speech and if fair use is supposed to be the "pressure valve" that stops copyright from violating the First Amendment, it has to actually mean something. Section 512(f) of the DMCA says that the filer of a DMCA notice may be liable for damages for "misrepresentations," but historically that has been an almost entirely toothless part of the law (in part because of earlier rulings in the Lenz case). People hoped that would change with this ruling, and while the beginning of the ruling suggests 512(f) is getting teeth, the end yanks them all away.
The ruling in the 9th Circuit starts out great, but starts getting iffy pretty fast.
Her claim boils down to
a question of whether copyright holders have been abusing
the extrajudicial takedown procedures provided for in the
DMCA by declining to first evaluate whether the content
qualifies as fair use. We hold that the statute requires
copyright holders to consider fair use before sending a
takedown notification, and that failure to do so raises a triable
issue as to whether the copyright holder formed a subjective
good faith belief that the use was not authorized by law.
Sounds good, right? Anyone sending a DMCA notice needs to take fair use into account before sending a takedown. That may be trouble for all of those automated takedown filing systems out there, many of which we've written about. The court also reiterates that fair use is not "allowed infringement," but rather it's not infringement at all. This is also important (even though it says that directly in the law, many people pretend that it's just an "allowed" infringement). The court is not impressed by Universal Music's defense in the case, in which it argues that fair use is "not authorized by law" because, as Universal falsely claims, it is merely a "defense" to infringement. The court says that's wrong:
interpretation is incorrect as it conflates two different
concepts: an affirmative defense that is labeled as such due to
the procedural posture of the case, and an affirmative defense
that excuses impermissible conduct. Supreme Court
precedent squarely supports the conclusion that fair use does
not fall into the latter camp: “[A]nyone who . . . makes a fair
use of the work is not an infringer of the copyright with
respect to such use.”
So, that's all good. But... the details matter, and from that point on... they're weird. The court points to the earlier ruling, saying that the copyright holder "need only form a subjective good faith belief that a use is not authorized." Thus, as long as the issuer can come up with some sort of argument for why they didn't think it was fair use, they're probably safe.
As a result, Lenz’s request to impose a subjective
standard only with respect to factual beliefs and an objective
standard with respect to legal determinations is untenable.
And because of that, the court leaves a big out for just about any copyright holder. It says the court has no place in questioning how the copyright holder decided whether the use was authorized or not:
To be clear, if a copyright holder ignores or neglects our
unequivocal holding that it must consider fair use before
sending a takedown notification, it is liable for damages
under § 512(f). If, however, a copyright holder forms a
subjective good faith belief the allegedly infringing material
does not constitute fair use, we are in no position to dispute
the copyright holder’s belief even if we would have reached
the opposite conclusion.
The court says a copyright holder can't just "pay lip service" to the idea that it checked on fair use, but in the same paragraph admits that, well, it basically can. Even worse, it says that forming a "good faith belief" doesn't require actually investigating the details:
In order to comply with the strictures of
§ 512(c)(3)(A)(v), a copyright holder’s consideration of fair
use need not be searching or intensive. We follow Rossi’s
guidance that formation of a subjective good faith belief does
not require investigation of the allegedly infringing content.
So.... huh? (1) You need to take into account if it's fair use or not and you need to show a "good faith belief" that it's fair use, but... (2) you don't actually have to investigate anything, and the court cannot review your reasons for having a good faith belief. That's not a loophole. It's a blackhole that collapses 512(f) in on itself.
From there, it actually notes that automated takedowns... may be fine:
We note, without passing judgment, that the
implementation of computer algorithms appears to be a valid
and good faith middle ground for processing a plethora of
content while still meeting the DMCA’s requirements to
somehow consider fair use. Cf. Hotfile, 2013 WL 6336286,
at *47 (“The Court . . . is unaware of any decision to date that
actually addressed the need for human review, and the statute
does not specify how belief of infringement may be formed
or what knowledge may be chargeable to the notifying
entity.”). For example, consideration of fair use may be
sufficient if copyright holders utilize computer programs that
automatically identify for takedown notifications content
where: “(1) the video track matches the video track of a
copyrighted work submitted by a content owner; (2) the audio
track matches the audio track of that same copyrighted work;
and (3) nearly the entirety . . . is comprised of a single
So, uh, what? Automated takedowns may be fine because that's sort of a way to consider fair use because... no reason given. That is not at all helpful.
On a separate note, the court confirms that the trial cannot move forward by arguing that Universal had "willful blindness" about the likelihood of fair use in the case, because Lenz didn't really show that Universal had willful blindness. So that's another dead end.
Finally, the court rejected Universal Music's claim that Lenz had to show monetary damages in order to recover damages under 512(f). The court says 512(f) spans more than just monetary damages. Of course, that's almost entirely meaningless in a world in which everyone has an out through "subjective good faith" that doesn't even require investigating anything.
So this is a ruling that looks good up top, but gets bad as you read the details. There is a dissent, from Judge Milan Smith, pointing out some of the problems with the majority ruling, and the loophole that it creates. As the dissent notes, stating that something is infringing when you haven't done any fair use analysis is a misrepresentation, and 512(f) covers misrepresentations. So, in the end, a possibly important ruling is undermined with a massive loophole, which likely will lead to a continuing barrage of DMCA takedowns, including automated takedowns that suppress speech. That seems... wrong.
A few weeks ago, Brian Krebs published a fantastic article entitled how not to start an encryption company, which detailed the rather questionable claims of a company called Secure Channels Inc (SCI). The post is long and detailed and suggests strongly that (1) SCI was selling snake oil pretending to be an "unbreakable" security solution and (2) that its top execs had pretty thin skins (and in the case of the CEO, a criminal record for running an investment ponzi scheme). The company also set up a bullshit "unwinnable" hacking challenge, and then openly mocked people who criticized it.
Now enter Asher Langton, who has an uncanny ability to spot all sorts of scams (he was the one who initially tipped me off to the Walter O'Brien scam, for example). He seems to especially excel at calling out bullshit security products and companies. He's spent the past few weeks tweeting up a storm showing just how bogus Secure Channels is -- including revealing that they're just rebranding someone else's free app. He also noted that the company appeared to be (not very subtly) astroturfing its own reviews, noting that the reviews came from execs at the company:
So, uh, how did SCI respond? Let's just say not well. As detailed by Adam Steinbaugh at Popehat, a bunch of anonymous Twitter accounts magically appeared attempting to attack Langton, claiming that he was violating various computer crime and copyright laws. The accounts ridiculously argued that by posting screenshots of Secure Channel's source code, he was violating various statutes, including copyright law. This is wrong. Very wrong. Laughably wrong. In one of the screenshots posted by one of these "anonymous" accounts, other browser tabs were left visible -- and you'll notice the other two tabs.
You'll note Asher's tweet, but also a primer on "computer crime laws" and a "how to take screenshots" tab (apparently it didn't include a lesson on cropping). Oh, but more important, this tweet from a supposedly anonymous Twitter user also showed that the person taking the screenshot is logged in from a different account, that just happens to be the account of... SCI's director of Marketing Deirdre Murphy. It even uses the same photo.
This same Deirdre Murphy, back in Krebs' original article, used Twitter to attack another well recognized security expert who had been mocking SCI's claims:
James said he let it go when SCI refused to talk seriously about sharing its cryptography solution, only to hear again this past weekend from SCI’s director of marketing Deirdre “Dee” Murphy on Twitter that his dismissal of their challenge proved he was “obsolete.” Murphy later deleted the tweets, but some of them are saved here.
Right. It's entirely possible that Murphy is not behind the anonymous accounts, but she's pretty clearly connected to the screenshots that showed up on those anonymous accounts -- so even if it's not her directly... it seems likely that she's associated with whoever is doing the posting.
Oh, and then it gets worse. Right about the time Steinbaugh's article was published, someone claiming to be SecureChannels' CEO Richard Blech, sent Twitter a DMCA notice over some of Langton's tweets -- and Twitter took them down:
Twitter did this despite the fact that the DMCA claim itself was pretty clearly invalid. As summarized by Steinbaugh:
About an hour and a half after this post went live, SecureChannels CEO Richard Blech (or someone claiming to be him) sent a DMCA notice to Twitter for two of Langton's tweets, complaining that they consisted of "employee pics, company and personnel, posts copyright material, hacks products and posts copyright code from products, using trademarks, targeted harassment, slander to destroy commerce." As for the description of the "original work," Blech blathered: "Cracked an app and placed code online, uses trademarked logos to attack company."
This is a censorious abuse of copyright law to suppress criticism. It is, in essence, an attempt to use copyright law for everything except copyright. That SecureChannels would use copyright law to shield criticism on the basis that its trademarks are being used and because of "slander" is, well, hysterical. This is not a company interested in permitting people to criticize it.
A little while ago, I tweeted about how ridiculous it was that Twitter's legal team would go forward with the takedown on an obviously bogus takedown notice, and within 10 minutes, I was told by someone on Twitter's legal team that the notice had been reviewed and the posts had been restored.
Either way, for a company bragging that its "security" solution is "unhackable" -- you'd think the company would be more open to actual criticism. Instead, it seems to spend an inordinate amount of time attacking critics and abusing the law to try to silence them. Odd.
Danny O'Brien, over at the EFF's Deeplinks blog, has the story of how it appears China is pressuring the developers of tools for circumventing the Great Firewall of China to shut down their repositories and no longer offer the code. Two separate, non-commercial, developers of circumvention tools have quietly gone dark recently:
The maintainer of GoAgent, one of China's more popular censorship circumvention tools emptied out the project's main source code repositories on Tuesday. Phus Lu, the developer, renamed the repository’s description to “Everything that has a beginning has an end”. Phus Lu’s Twitter account's historywas also deleted, except for a single tweet that linked to a Chinese translation of Alexander Solzhenitsyn’s “Live Not By Lies”. That essay was originally published in 1974 on the day of the Russian dissident’s arrest for treason.
We can guess what caused Phus Lu to erase over four years’ work on an extremely popular program from the brief comments of another Chinese anti-censorship programmer, Clowwindy. Clowwindy was the chief developer of ShadowSocks, another tool that circumvented the Great Firewall of China by creating an encrypted tunnel between a simple server and a portable client. Clowwindy also deleted his or her Github repositories last week. In a comment on the now empty Github archive Clowwindy wrote in English:
Two days ago the police came to me and wanted me to stop working on this. Today they asked me to delete all the code from Github. I have no choice but to obey.
The author deleted that comment too shortly afterwards.
As you may recall, back in March, China launched a massive DDoS attack on Github, targeting another tool for getting around the Great Firewall, called Greatfire. It seems equally notable that in the last week, there was another big DDoS attempt on Github.
While it may not be surprising at all that China is looking to stop tools that allow people to get past the censorship wall that the Chinese government itself has created, it still is worrisome:
Chinese law has long forbidden the selling of telecommunication services that bypass the Great Firewall of China, as well as the creation or distribution of “harmful information”. Until recently, however, the authorities have not targeted the authors of non-commercial circumvention software, nor its users. Human Rights in China, a Chinese rights advocacy and research organization, told EFF that, based on its preliminary review, VPNs and circumvention software is not specifically prohibited under Chinese law. While the state interferes with people's ability to use such software, it has not outlawed the software itself.
In November, Phus Lu wrote a public declaration to clarify this point. In the statement, he stated that he has received no money to develop GoAgent, provided no circumvention service, nor asserted any political view.
As O'Brien notes, this is a reminder that code is speech -- and government intimidation to shut down code is a form of repressing speech. Though, as with many attempts to censor, it seems like this is more for show than actual impact:
It’s also as ultimately futile: while the Chinese authorities have chosen to target and disrupt two centralised stores of code, thousand of forked copies of the same software exist—both on other accounts on Github and in private copies around the Net. ShadowSocks and GoAgent represent hours of creative work for their authors, but the principle behind them is reproducible by many other coders. The Great Firewall may be growing more sophisticated in detecting and blocking new circumvention systems, but even as it does so, so new code blossoms.
Meanwhile the intimidation of programmers remains a violation of the human rights of the coder—and a blow to the rights of everyone who relies on their creativity to exercise their own rights.